github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-10-01 12:07:46 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,468 Commits 55 Branches 109 Tags
2915ee60e23587e9e0ad4d1c1f13a43b9a208a63
Commit Graph

175 Commits

Author SHA1 Message Date
Felipe Zimmerle
ef7f65db90 Changes debuglogs schema to avoid unecessary str allocation 2018-10-23 17:00:16 -03:00
Victor Hora
28f6f2201f Match m_id JSON log with RuleMessage and v2 format 2018-10-12 13:10:11 -04:00
Felipe Zimmerle
4dd2812757 Adds new transaction constructor that accepts the transaction id as parameter. 2018-09-24 21:36:06 -03:00
Felipe Zimmerle
c721e101c0 Adds request IDs and URIs to the debug log 2018-09-24 21:07:11 -03:00
Victor Hora
a719871458 Fix matching condition and adjust test case 2018-09-11 20:53:17 -03:00
Victor Hora
379f370095 Fix SecResponseBodyAccess and ctl:requestBodyAccess directives 2018-09-11 20:52:30 -03:00
Felipe Zimmerle
42a472adbd Check if response body inspection is enabled before process it 2018-05-08 10:59:30 -03:00
Felipe Zimmerle
d0b423fdd7 Adds time stamp back to the audit logs 
Fix issue #1762
 2018-05-03 13:37:01 -03:00
Felipe Zimmerle
ac100785d1 Fix compilation issue while xml is disabled 2018-02-21 16:15:05 -03:00
Felipe Zimmerle
eeec7efb68 Renames collection::Variable to VariableValue 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
6f7fdd9493 Using direct variable access instead m_collections 2018-02-20 13:40:01 -03:00
Felipe Zimmerle
3fb71f32d8 Coding style fixes 2017-11-13 22:32:11 -03:00
Felipe Zimmerle
34e8b140e5 Setting http response code on the auditlog 2017-10-19 23:27:30 -03:00
Felipe Zimmerle
274f9e5aa1 Refactoring on RuleMessage class, now accepting http code as parameter 2017-10-19 23:00:47 -03:00
Felipe Zimmerle
39fb75c34d Having disruptive msgs as disruptive [instead of warnings] on audit log 
Issue #1592
 2017-10-17 14:58:04 -03:00
Felipe Zimmerle
30364628a0 Makes clear to the user when audit log is empty due to missing JSON sup. 2017-10-10 10:25:53 -03:00
Victor Hora
63bef3d142 Support to JSON stuff on serial logging 2017-10-09 09:02:31 -03:00
Dávid Major
a5266d6d1c Store the connection and url parameters in std::string 2017-09-29 17:18:30 +00:00
Felipe Zimmerle
7ac6bf7241 Fix memory issues while resolving variables 2017-08-27 22:06:20 -03:00
Felipe Zimmerle
9069a453e5 Revert "Treating ARGS_NAMES as an array instead of scalar" 
This reverts commit 1d3c4c670d.
 2017-08-24 00:10:42 -03:00
michaelgranzow-avi
3a048ee2db Support --enable-debug-logs=no option of configure script (#2) 
* Support --enable-debug-logs=no option of configure script

* Undo unintended white space changes

* Undo more unintended white space changes

* Address review comments - thanks Mirko

* Address more review comments - thanks Mirko
 2017-08-23 23:50:16 -03:00
Felipe Zimmerle
1d3c4c670d Treating ARGS_NAMES as an array instead of scalar 
Both value and key are the same.
 2017-08-22 18:26:56 -03:00
Felipe Zimmerle
c22658ec80 Adds `msc_update_status_code' method to the libmodsec api 2017-08-20 18:52:50 -03:00
Felipe Zimmerle
b4051246b1 Adds support to SecResponseBodyMimeTypesClear 2017-08-16 22:21:03 -03:00
Felipe Zimmerle
48f1470269 Adds support to SecArgumentSeparator 2017-08-16 18:27:51 -03:00
Felipe Zimmerle
0508395f8d Forces REQBODY_ERROR to zero whenever there is a valid XML 2017-07-31 14:12:18 -03:00
Felipe Zimmerle
b36c4260c1 Adds a graceful error if there is no memory for request body inspection 
Issue #1517
 2017-07-31 13:09:09 -03:00
Lasse Karstensen
bce5ef7704 Add the missing g in Transaction::GetReponseBodyLenth() 
This commit fixes a typo in the method name for retrieving
the body length.
 2017-07-28 22:30:25 -03:00
Felipe Zimmerle
4bec6b0019 Adds support to ctl:ruleEngine 2017-07-27 22:05:10 -03:00
Felipe Zimmerle
1f1e8324b1 Includes HTTP version and response code on auditlogs/F 2017-07-25 23:24:36 -03:00
Felipe Zimmerle
43cb8ed652 Adds support to C section on auditlogs 2017-07-25 23:13:23 -03:00
David Buckle
d465c2f1a3 Removes the beauty of the JSON logging 
The beautify options makes the JSON easy to be read by human eyes.
No need to have pretty print JSON for production, as beautify the JSON
is not a hard task. Atop of that there are some disvantages to use the
JSON in pretty format, as described on the issue: #1472
 2017-06-27 08:39:58 -03:00
Felipe Zimmerle
49b7ea99e6 Adds a set of sanity checks to validate API inputs (1 of 2) 2017-06-21 12:59:19 -07:00
Felipe Zimmerle
f5b47a8077 Duplicates the url variable in the disruptive action 
The log message needs to be freed by the consumer. Doing the same with
the url to keep the API consistent.
 2017-06-19 18:32:17 -03:00
Felipe Zimmerle
4726912ec8 Audit Log: Adds space after response size 
Reported at #1452
 2017-06-16 22:55:15 -03:00
Michael Simpson
7e59250068 Fix JSON parsing error message 2017-04-24 16:37:35 -03:00
Felipe Zimmerle
d15b57895b Fix the Multipart parser error for unknown content type 2017-03-28 09:38:10 -03:00
Felipe Zimmerle
e2af60e765 Expands log_cb to share ruleMessage structure instead text 
Text version still available and it is the default options
 2017-03-06 15:02:04 -03:00
Felipe Zimmerle
c3cb23f47d Removes the ';' from the x-www-form-urlencoded body-processor comparison 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
39761ce7b8 Discards the `charset' from the C-T while checking for body processors 
Issue #1330
 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
7ab192e90f Using method instead of procol in the audit logs. 
Issue #1331
 2017-03-06 15:02:03 -03:00
Felipe Zimmerle
4ad3574cf2 Adds offset regression tests and assorted fixes on var's offsets 2017-03-06 15:02:02 -03:00
Felipe Zimmerle
6f47462110 Fix compilation when YAJL is not present 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
d851699529 Adds references to the collection variables 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
f2d149fc5f Extends the direct access model to other collections 2017-03-06 15:02:00 -03:00
Felipe Zimmerle
ca24b6bb06 PoC: Adds support to direct access on ARGS collection 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
c1f11ab4e5 Cosmetics: assorted fixes on the coding style 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
ecbf292f6d Adds first PoC for the operator offset feature 2017-03-06 15:01:59 -03:00
Felipe Zimmerle
e95555132e Contionuation of 1 time variable patch 
Now we have almost 100% of the transaction variables hosted on the
new schema. Variable modifcators (count and exclusion) are not yet
supported on the new schema. Notice that setvar is now using the
parser.
 2017-03-06 15:01:58 -03:00
Felipe Zimmerle
703da3c4f0 Adds PoC about 1-time variable resolution and draft for offset 
There is no need for the variable purely associated with the
transaction (transient) be part of collection that demands
lookups. Also, those variables will held the concept of offset:
The offset from the first byte of the request till the start of
the variable.
 2017-03-06 15:01:52 -03:00